A hue and cry was raised this week when Mohamed Hassan, founder of security consultancy NetSec, accused Samsung of secretly installing keyloggers on their laptops after he discovered StarLogger, a commercial keylogger, on two newly purchased Samsung laptops. It was rumored that a Samsung representative confirmed that Samsung does installs keyloggers to monitor performance of the machine and find out how it was used. F-secure has now confirmed that the detection of keyloggers on Samsung laptops was just a false alarm.
The whole incident was caused by a false alarm by the VIPRE Antivirus product that reports infection of StarLogger keylogger by searching for the existence of a directory called "SL" in the root of the Windows directory. Even an empty folder with no files in it triggers the antivirus, as illustrated in the screenshot below.
The confusion stemmed from the installation of the Microsoft Live! application suite. The Slovak language version of the suite creates a folder called C:WindowsSL, the same folder name as is used by the StarLogger application.
The incident has now turned our attention to the reliability of malware scanner VIPRE. Apparently, VIPRE Antivirus engine takes shortcuts in detecting malware and raises alarm bells solely on the presence of certain folders without attempting to confirm the detection. This is a terrible idea.
It also raises question on the reliability and authenticity of information provided by Samsung’s tech support staff whose fabricated stories caused the company such embarrassment.